how long should a password be?

David Shaw dshaw at jabberwocky.com
Mon May 5 19:55:57 CEST 2008


On May 5, 2008, at 4:05 AM, Sven Radde wrote:

> Hi!
>
> Matt Kinni schrieb:
>> Everyone says it should be as long as possible (...) What do you  
>> think?
> You might find this interesting read: <http://www.schneier.com/blog/archives/2007/01/choosing_secure.html>

That's a good article.  See this also: <http://world.std.com/~reinhold/diceware.html>.  It gives a way of easily generating and (fairly) easily  
remembering long passphrases.

> Also keep in mind that in order to attack your password, an attacker  
> would first have to access your secret keyring (unless you use GnuPg  
> for symmetric encryption).

This is very true and very important.  The passphrase is really the  
protection of last resort, and only comes into play after the secret  
key is already lost.  Simply locking your front door gives a layer of  
protection here, and there are many other ways to prevent access to a  
secret key so the passphrase never even gets tested.

David
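The Diceware method David points to, as an added example that is not part of this thread: each word is picked by five dice rolls from a 7776-entry list, so the strength of the passphrase is the number of words times log2(7776), not its character length. The word list here is a constructed stand-in with synthetic tokens, not the real Diceware list; the index mapping and entropy arithmetic are the same.

```python
import math
import secrets

# Diceware: five dice rolls select one word, so a standard list has
# 6**5 = 7776 entries and every word contributes log2(7776) ~ 12.9 bits.
LIST_SIZE = 6 ** 5

# Constructed stand-in for the real 7776-word Diceware list (not the real words).
CONSTRUCTED_WORDLIST = [f"w{i}" for i in range(LIST_SIZE)]


def dice_to_index(rolls: str) -> int:
    """Map a five-digit dice string such as '41526' to a 0-based list index."""
    if len(rolls) != 5 or any(c not in "123456" for c in rolls):
        raise ValueError("expected five dice digits 1-6")
    index = 0
    for digit in rolls:
        index = index * 6 + (int(digit) - 1)
    return index


def roll_word_key() -> str:
    """Roll five dice with a CSPRNG (secrets), the software analogue of real dice."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def passphrase_from_rolls(rolls: list, wordlist=CONSTRUCTED_WORDLIST) -> str:
    """Deterministic lookup: turn recorded dice rolls into a passphrase."""
    return " ".join(wordlist[dice_to_index(r)] for r in rolls)


def generate_passphrase(n_words: int, wordlist=CONSTRUCTED_WORDLIST) -> str:
    """Generate n_words words with fresh CSPRNG dice rolls."""
    return passphrase_from_rolls([roll_word_key() for _ in range(n_words)], wordlist)


def entropy_bits(n_words: int, list_size: int = LIST_SIZE) -> float:
    """Entropy of n uniformly chosen words; independent of how long the words are."""
    return n_words * math.log2(list_size)


def words_needed(target_bits: float, list_size: int = LIST_SIZE) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    for n in (5, 6, 7, 8):
        print(f"{n} words -> {entropy_bits(n):.1f} bits: {generate_passphrase(n)}")
```

With the standard list size, 7 words reach 80 bits and 10 words reach 128 bits; a shorter list (a custom one of 2048 words, say) needs proportionally more words for the same strength.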